Earlier this month we picked up a piece of news quite disturbing: Microsoft is not patching some bugs in Windows 7 or Windows 8.1, yes you are patching in Windows 10. This means that hackers can know what are the bugs patched, and exploit the vulnerability in older operating systems that are still used, and that should also be up to date in terms of updates.
Vulnerability that allows you to steal passwords: patched in Windows 10 but not in Windows 7
In fact, Windows 7 has support for security updates guaranteed until January 2020, while Windows 8 has until January 2023. Unfortunately not all of them are having the same support, and that will just make patent once more with after the patching of a vulnerability in Windows 10 that allowed you to steal passwords.
In particular, the patch seeks to solve a problem that allows a hacker to steal the password to access the operating system (Windows NTLM), being able to access the hashes stored in the computer without interaction from the user. In addition, hacking is not very difficult to perform, since it only requires placing a file. SCF in a shared folder within the computer.
When that file is in one of those folders, it runs due to a bug, and collects the hashes of the passwords, sending them to a remote server in the hands of the hacker. These hashes are easy to crack, being able to give later full access to the computer if the attacker has a direct connection with the user’s network.
If you have shared folders, which are password
The computers that have shared folders and use password protected, this being the option that was enabled by default in the system. However, there are some public networks of companies, universities or colleges where you share folders without password and making it vulnerable to all the computers on that network.
Microsoft has released the patch for Windows 10 and Windows Server 2016, which basically changes two entries in the registry. However, this patch has not come to previous versions of Windows because the registry modifications are not compatible with earlier versions of the Windows Firewall.
The operation of the hack explained neither by the own Juan Diego, a Colombian researcher who reported the bug last April to Microsoft. The .SCF used refers to Shell Command File, a file format that allows you to run a limited number of commands in the file browser, as the classic Show desktop of Windows, which is done through one of these files.
In the past, the attacks related to these files required that the victim acquiesce to the folder where they were located. With this vulnerability was not necessary, happening automatically. Despite having patched this attack of the type “pass-the-hash”, Diego and another German researcher claim that there are more vulnerabilities of this style, and that Microsoft has taken several months in patching. Where it is not going to patch never is in Windows 7, and probably will not be the last one left without a patch.